> Hi,
>
> There is a huge discussion about how SMI should work in case of using
> wildcard mapping [1]. Basically when action is defined as follow:
>
> <action name="person*" class="com.demo.PersonAction" method="{1}">
> <result name="success">view.jsp</result>
> <result name="input">input.jsp</result>
> </action>
>
> SMI will allow access any method in PersonAction class because {1} is
> translated into RegEx (.*) - as you can see SMI simply won't work
> here.
>
> Greg propose to drop the translation ({1} -> (.*)) and only base on
> what was defined in <global-allowed-methods/> or <allowed-method/> in
> that case, thus will truly limit access to methods.
>
> wdyt?
>
I agree with Greg. {1} should not be translated to (.*). Is it possible
for action to define own allowed methods in this case (besides
annotations)?
Regards,
Christoph
This Email was scanned by Sophos Anti Virus
